Insights
Publications

hiQ’s Groundbreaking Injunction Against LinkedIn Reaffirmed: Scraping of Publicly Available Data Likely Does Not Violate CFAA

April 26, 2022

The U.S. Court of Appeals for the Ninth Circuit has affirmed its prior decision, holding that LinkedIn could not block hiQ, a scraping entity, from scraping public LinkedIn profiles. The court found it was unlikely that hiQ had violated the Computer Fraud and Abuse Act (CFAA), which is commonly understood to be an anti-hacking law. However, this opinion is only limited to publicly available information. Meaning, a scraping company could still be liable under the CFAA if it is scraping information from a website that requires authorization or access permission, such as password authentication. 

Additionally, the court noted that data aggregators could bring other, non-CFAA claims, against scraping entities even when those companies are scraping public information, such as breach of contract and copyright infringement claims. Thus, data scraping law is very nuanced and still in its early stages, making the guidance of counsel especially important before starting a data scraping business or cutting off access to data scrapers.

Farella Braun + Martel represented hiQ in obtaining the preliminary injunction and through its first appeal to the Ninth Circuit.

The Court’s Analysis

After the Ninth Circuit affirmed the preliminary injunction in 2019, LinkedIn filed a petition for writ of certiorari with the Supreme Court of the United States. The Supreme Court vacated the decision and remanded the case to the Ninth Circuit for further consideration in light of its decision in Van Buren v. United States, 141 S. Ct. 1648 (2021), a case concerning application of the Computer Fraud and Abuse Act (CFAA) in the criminal context. The Ninth Circuit once again affirmed the underlying hiQ Labs decision, largely mirroring its earlier analysis.

To obtain a preliminary injunction, a plaintiff must show that they are likely to succeed on the merits, likely to suffer irreparable harm in the absence of preliminary relief, the balance of equities tips in their favor, and an injunction is in the public interest. 

The Ninth Circuit found credible hiQ’s assertion that the survival of its business is threatened absent an injunction prohibiting LinkedIn from blocking hiQ from scraping publicly available information from LinkedIn’s website. Similarly, the balance of equities tipped “sharply” toward hiQ, given that LinkedIn’s interest in preventing data collection was outweighed by hiQ’s interest in continuing its business. Importantly, the court also determined that there was a strong public interest in preventing companies like LinkedIn from becoming “information monopolies” who could otherwise decide, on any basis, who can collect and use publicly available data.

The remainder of the Ninth Circuit’s decision explored how hiQ raised “serious questions” that supported its likelihood of success on the merits of its intentional interference with contract claim against LinkedIn. With respect to LinkedIn’s “legitimate business purpose” defense to this claim, the Ninth Circuit determined, inter alia, that hiQ’s interest in fulfilling its contracts with the customers of its data analytics products and services is stronger than LinkedIn’s comparatively weak “interest in protecting its members’ data and the investment made in developing its platform” and “enforcing its User Agreements’ prohibitions on automated scraping.”

The court also rejected LinkedIn’s further argument that blocking hiQ from scraping publicly available data was justified because such scraping violated the CFAA, 18 U.S.C. § 1030, which outlaws intentional access to a computer to obtain information “without authorization” from that protected computer (here, the LinkedIn servers would be the “protected computer”). Once again, the court agreed that hiQ had at least raised a “serious question” that its activities did not run afoul of the CFAA because LinkedIn’s information was accessible to the general public, and so data miners like hiQ were not accessing those servers “without authorization.”

The court explained that Congress created the CFAA with “hacking” and “breaking and entering” in mind, contemplating the existence of three kinds of computer system accessibility:

  1. access is open to the general public and permission is not required,
  2. authorization is required and has been given, and
  3. authorization is required but has not been given.

According to the Ninth Circuit, where information like a public LinkedIn profile is “available to anyone with an internet connection,” it falls under the first category, and thus the idea that anybody, including scraper entities, can access this information “without authorization” is “inapt.” The court added that Van Buren’s “gates-up-or-down inquiry”—“one either can or cannot access a computer system, and one either can or cannot access certain areas within the system”—is akin to categories (2) and (3). It held that Van Buren thus reinforces its conclusion “that the concept of ‘without authorization’ does not apply to public websites.”

Takeaways

Large data aggregators should not rely on the CFAA when bringing claims against scrapers of their publicly accessible data, or when defending against claims brought by those scrapers when the aggregators take measures to restrict access to the data. However, while the court closed one gate, it left several others open. In fact, it reminded readers that other causes of action including state law trespass to chattels, copyright infringement, misappropriation, unjust enrichment, conversion, breach of contract, or breach of privacy may still apply to such scraping activities. Indeed, plaintiffs in data scraping lawsuits routinely include such claims in their complaints. 

Firm Highlights

News

Farella Braun + Martel Announces Five New Partners

Read More
Publication

What to Know About Taking a Data Center Company Public Through a SPAC

A recent IPO by InterPrivate IV Infratech Partners, a digital infrastructure-focused special purpose acquisition company, or SPAC, raised $250 million. Its impressive fundraising and management team, led by former CyrusOne CTO Kevin Timmons, may cause privately...

Read More
Publication

Platform Ecosystems – The Landscape of US and EU Legislation (Webinar)

Stephanie Skaff and Nate Garhart discuss "Platform Ecosystems – The Landscape of US and EU Legislation." Several new bills targeting online platform companies are making their way through state and federal legislative bodies in the...

Read More
Publication

Section 230 Immunity Won’t Protect You: State and Federal Lawmakers Take Aim at Social Media Companies With Proposed Legislation Creating Affirmative Duties to Act to Prevent Harm to Users

Three new bills, one introduced in the California Assembly and two in the US Senate, are taking aim at online social media platforms. If adopted, these bills would significantly alter existing duties to prevent...

Read More
News

Erica Villanueva Inducted Into American College of Coverage Counsel

Read More
News

Janice Reicher Named a 2022 Leadership Council on Legal Diversity Fellow

Farella Braun + Martel is proud to announce that Janice Reicher has been named a member of the 2022 class of Leadership Council on Legal Diversity (LCLD) Fellows. Janice joins a select group of...

Read More
Publication

No Quarter: What Claims Doesn’t Section 230 of the Communications Decency Act Protect Platform Companies Against?

Depending on what you read or who you talk to, Section 230 of the Communications Decency Act (47 U.S.C. § 230) (CDA) is either a tool of censorship, a shield of Big Tech that...

Read More
News

Tony Schoenberg Appointed to Bar Association of San Francisco Board of Directors

Anthony P. Schoenberg headshot
Read More
News

LinkedIn Loses Data Appeal

Erik Olson was quoted in the article "LinkedIn Loses Data Appeal" in CDR Magazine . In the article, Erik said: We are pleased to see that the Ninth Circuit has again affirmed, in light...

Read More
Event

Platform Ecosystems: Computer Fraud and Abuse Act and Other Scraping Law Developments (Webinar)

Join Stephanie Skaff and Erik Olson in the discussion on "Platform Ecosystems: Computer Fraud and Abuse Act and Other Scraping Law Developments." Web scraping has existed as long as the World Wide Web has...

Read More